[OpenAFS] OpenAFS Windows client will not map drives
Jeffrey Altman
jaltman@columbia.edu
Fri, 03 Mar 2006 17:50:37 -0500
This is a cryptographically signed message in MIME format.
--------------ms080401050308080600090500
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sean:
On the Loopback adapter, unbind everything but:
* Client for Microsoft Networks
* Internet Protocol
Using the GUIs is not going to help you here so I advise that you stop
trying to use them.
Please read the Debugging OpenAFS section of the release notes that
I pointed you at earlier. Turn on PIOCTL debugging, Trace Logging,
and obtain a copy of the SysInternals DbgView and FileMon tools.
After setting everything up as described in the Release Notes execute
the following commands from the command line:
* kinit <user@REALM>
* aklog -d
* tokens
Now if you have any form of connectivity with the AFS SMB Server you
will have obtained tokens and been able to list them. Otherwise, you
will have received another copy of the Network Name Not Found error.
At that point, you need to use "nbtstat -n" to list all of the
registered network names. The following line should appear once
and only once on the Loopback Adapter:
AFS <20> UNIQUE Registered
There should be no other names on that adapter with type <20>. If
there are, you will lose. If AFS <20> appears on any other adapter,
you will lose.
If you have any machine on your network that is adverting the name
AFS <20>, you will lose.
Jeffrey Altman
Sean Caron wrote:
> Thanks for the suggestions so far. What I am doing is: I have a couple
> of spare machines in my office that I am
> testing various configurations of the OpenAFS client on, so I can try
> all sorts of funky things and not have to
> worry about messing up a machine that someone is actually using. I set
> one up to test the behaviour of the
> client with the loopback adapter on, as so:
>
> (1) Wiped a machine a did a fresh load of our disk image (XP, Novell
> client, etc). Computer name is SPH-2002-0196.
> I saw some old post on the Internet implying that dashes in the hostname
> might cause problems with the AFS
> client, but they dated from 2002 or 2003, so I'm assuming it doesn't
> matter these days. I think I mentioned earlier
> that I tried a system with a boring alphanumeric only name (SPHAFSTEST)
> and it didn't help anything.
>
> (reboot)
>
> (2) Installed MIT Kerberos v3.0.0 with all default settings on; krb5.ini
> has been properly customized for our site.
> Kerberos is set to start automatically when Windows starts (as would
> make sense). (side note: MIT Kerberos seems to
> work fine in and of itself. It gladly will go authenticate and get
> tokens). I did this as an administrator; normal users wouldn't
> normally be allowed to install software given the way we have security
> set up on our workstation disk image.
>
> (reboot)
>
> (3) Installed OpenAFS Windows Client v1.4.0 (as an administrator) WITH
> the loopback adaptor installed this time. Use our
> CellServDB file that actually includes our site. Set AFS cell name to
> "sph.umich.edu <http://sph.umich.edu>". Everything else is set per
> installation
> defaults (AFS crypt security = on, AFS freelance client = on, DNS
> cellserver search = on, start afscreds on login = on, auto
> initialize afscreds = on, renew drivemaps = on, ip change detection =
> on, quiet = on). Installer completes successfully.
>
> (reboot)
>
> (4) Now my test workstation is back online, sitting at the login prompt.
> I try to login to the Novell network (client version 4.91, by
> the way). Now it doesn't work! "The tree or server cannot be found.
> Choose a different tree or server....". OK. Let's log in as
> "Workstation only". Did the Novell client get bound up in the loopback
> adapter or something? Can this be dealt with? I know very
> little about Novell (I am a new hire at SPH, and mostly a UNIX guy).
>
> (5) So I log in to the local machine only and get the AFS Client "Obtain
> New AFS tokens" dialog box. Enter username and password
> and authenticate to cell "sph.umich.edu <http://sph.umich.edu>". Wait a
> minute or two, and the tickets show up in the MIT Kerberos Network Identity
> Manager. So at least authentication and ticketing is all good.
>
> (6) Testing: Start->Run. "\\afs\all". I get the message: "This file does
> not have a program associated with it for performing this action.
> Create an association in the Folder Options control panel".
>
> OK.
>
> Testing: Start->Run. "\\afs\sph.umich.edu". Same message.
>
> Testing: Start->Run. "\\afs\sph.umich.edu\user\s\scaron". Wait a second
> or two... same message.
>
> Testing: Start->Run. "cmd". From command prompt: "net use
> \\afs\sph.umich.edu\user\s\scaron h:". We get the message: "The
> network name cannot be found (system error 67)".
>
> Testing: Click "Drive Letters" tab in AFS client. It sits for a while
> (30 secs - 1 minute). Click "Add". Select "Drive F", AFS path
> "\afs\sph.umich.edu\user\s\scaron", submount "homes". I get the error:
>
> "AFS was unable to map the network drive to the specified path in AFS.
> Check to make sure the drive letter is not currently in use"
> "Error 0x00000043"
>
> (i was thinking about it and it hit me that 43 hex = 67 decimal so i
> guess NETWORK NAME CANNOT BE FOUND is the issue here)
>
> (7) Check network properties. We have two connections installed.
>
> One is called AFS and is bound to the loopback adaptor. Uses items:
> Novell client for Windows, Client for Microsoft networks, Remote
> management, Novell workstation manager, Novell distributed print
> services, TCP/IP
>
> The other is the default Local Area Network connection. Uses items:
> Novell client for Windows, Client for Microsoft networks, QoS
> packet scheduler, Remote management, Novell workstation manager, Novell
> distributed print services, TCP/IP. Windows firewall is
> on. We use DHCP to get all network card parameters & DNS server
> information. TCP/IP filtering is off. NetBIOS is set to "Use NetBIOS
> setting from DHCP server. If static IP address is used or DHCP server
> does not provide NetBIOS setting, enable NetBIOS over TCP/IP"
>
> I see that we don't actually have a NetBIOS protocol installed by
> default on our load. Let's do it manually for now.
>
> (8) Add protocol: NWLink IPX/SPX/NetBIOS Compatible Transport Protocol
> (this is the only NetBIOS protocol available in the list).
> Install it.
>
> (reboot)
>
> (9) So we're back at the login prompt and you still can't log in to
> Novell. We get the same "The tree or server cannot be found..." message.
> Let's login to local workstation only again and proceed. Once again I am
> able to successfully log in, authenticate to sph.umich.edu
> <http://sph.umich.edu>, and
> obtain tokens.
>
> (10) Try the same testing suite again:
>
> Testing: Start->Run. "\\afs\all". I get the message: "This file does not
> have a program associated with it for performing this action.
> Create an association in the Folder Options control panel".
>
> Testing: Start->Run. "\\afs\sph.umich.edu". Same message.
>
> Testing: Start->Run. "\\afs\sph.umich.edu\user\s\scaron". Same message.
>
> Testing: Start->Run. "cmd". From command prompt: "net use
> \\afs\sph.umich.edu\user\s\scaron h:". We get the message: "The
> network name cannot be found (system error 67)".
>
> Testing: Click "Drive Letters" tab in AFS client. It comes up instantly
> this time around. Click "Add". Select "Drive F", AFS path
> "\afs\sph.umich.edu\user\s\scarno", submount "homes". I again get the error:
>
> "AFS was unable to map the network drive to the specified path in AFS.
> Check to make sure the drive letter is not currently in use"
> "Error 0x00000043"
>
> That didn't seem to help anything.
>
> (11) Go to Network Connections->Advanced Settings. In "adapters and
> bindings" I move the AFS (loopback) connection to the top of
> the pile. Go to Provider Order tab and move OpenAFSDaemon to the very
> top of the heap (it was at the very bottom).
>
> (reboot)
>
> (12) I'm not even going to try and log into the Novell network this time
> around. Log in to local machine only and run my series of test
> commands again. Same results as above.
>
> (13) It was suggested that I perhaps unbind NWLink IPX/SPX/NetBIOS
> Compatible Transport Protocol from the Client for Microsoft
> Networks. Go back into Network->Advanced Settings and do that. While I'm
> at it, I see that TCP/IP has become unbound from the
> Novell client. So I bind that back up while I'm there.
>
> (reboot)
>
> (14) Why not try and log into Novell this boot around? I still get the
> "Tree or server cannot be found" error. Let's login to the workstation
> only and proceed again.
>
> (15) Run my little suite of test commands again. Same results as above
> (no change).
>
> This is about where I stand now. I've tried some various other things:
> Hard setting "NetBIOS over TCP/IP" to ON instead of taking settings
> based on DHCP values, manually entering DNS servers, turning off Windows
> firewall, etc. All seem to have no effect. I've repeated all this
> for both the cases of loopback adaptor installed, and loopback adaptor
> not installed, basically, with (roughly) the same effects. Some of
> the errors I got without the loopback adaptor were a little different (I
> remember getting a system error 53 a couple of times, among other
> things).
>
> I tried to be as exhaustive as possible in compiling my little report
> here; I hope it isn't entirely too much wasted reading and writing for
> myself and all of you out there on the list. I'm really hoping to be
> able to get this to work, or, failing that, at least be able to go to my
> supervisor and say without a doubt that "the AFS client for Windows will
> not work with [our] Novell installation [because]...", so I want
> to be sure that I pretty much left no stone unturned.
>
> Thanks, everyone, for all the help thus far. Please don't hesitate to
> ask me about anything if you feel that you might need more knowledge
> about my system environment to be able to offer any useful suggestions.
>
> Regards,
>
>
> Sean Caron
>
> Associate Systems Administrator
> University of Michigan School of Public Health
> 1-734-763-4206
> scaron@umich.edu <mailto:scaron@umich.edu>
>
>
> On 3/3/06, *Rodney M Dyer* <rmdyer@uncc.edu <mailto:rmdyer@uncc.edu>> wrote:
>
> At 12:12 PM 3/3/2006, Jeffrey Altman wrote:
> >I have heard of other organizations having problems with both
> Novell and
> >OpenAFS clients on the same machines. I have not had access to such a
> >configuration to be able to debug it.
>
> Just a note. We run the Novell client without issues with OpenAFS
> and the
> loopback adapter. We DO NOT however use the Novell GINA
> module. After we
> install the Novell client, we replace the nwgina.dll back to
> msgina.dll. We also place the afslogon.dll authenticator first in the
> providers list.
>
> Rodney
>
> Rodney M. Dyer
> Windows Systems Programmer
> Mosaic Computing Group
> William States Lee College of Engineering
> University of North Carolina at Charlotte
> Email: rmdyer@uncc.edu <mailto:rmdyer@uncc.edu>
> Web: http://www.coe.uncc.edu/~rmdyer
> Phone: (704)687-3518
> Help Desk Line: (704)687-3150
> FAX: (704)687-2352
> Office: Cameron Applied Research Center, Room 232
>
>
--------------ms080401050308080600090500
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJPzCC
AvowggJjoAMCAQICAw7NrDANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UE
ChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNv
bmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDUwNTI3MTc0MjQzWhcNMDYwNTI3MTc0MjQz
WjBrMQ8wDQYDVQQEEwZBbHRtYW4xFTATBgNVBCoTDEplZmZyZXkgRXJpYzEcMBoGA1UEAxMT
SmVmZnJleSBFcmljIEFsdG1hbjEjMCEGCSqGSIb3DQEJARYUamFsdG1hbkBjb2x1bWJpYS5l
ZHUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+LutDu/YyHreNfoYd+ZtOjXsL
h67F2cmcVuBPBz+ZGDA+WpVEHrqXaZZO8acXBR5uAVfiwA1acE/kvD/CN5kAqx1VJuQ8Pvyk
iGHhUYTd27ZTliBIrptC7C/381gVwkS+a8jQFPJPO+OktZDzAYplGRY/MQCV8dIsvXUjucox
7TwTTdoLAJYRvHtfEcaCc6mO4ph6NeXQw8Grlx3IRAlTrkE5fBGyjH6R4fqnFTXRQAh1/bG+
i8hQvE6mud3mXdL2t7NP1Qxd9wW0/F/pnWY12IFP/luc3zEzIPvAe+nJluLuSEj0LZgP16mF
xBj1p+u9HPWcHRVX6q7+MQ0RWOv1AgMBAAGjMTAvMB8GA1UdEQQYMBaBFGphbHRtYW5AY29s
dW1iaWEuZWR1MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEEBQADgYEAUDUuzxiq8bbI8vq2
swRK513RphZp+fepyKU5mwBI6aF4GcmqITQILtfTG2SXnjSeY99d+bjOdK1DJFvVh9aOy8mh
2NbEnqMnJIZtg5+eEU64DIV5bQdDRpi99H9vA0sRATIquut+3YHba+zArj0VkVof2VI+ToBu
sHdtSrZYo0gwggL6MIICY6ADAgECAgMOzawwDQYJKoZIhvcNAQEEBQAwYjELMAkGA1UEBhMC
WkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1Ro
YXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA1MDUyNzE3NDI0M1oXDTA2
MDUyNzE3NDI0M1owazEPMA0GA1UEBBMGQWx0bWFuMRUwEwYDVQQqEwxKZWZmcmV5IEVyaWMx
HDAaBgNVBAMTE0plZmZyZXkgRXJpYyBBbHRtYW4xIzAhBgkqhkiG9w0BCQEWFGphbHRtYW5A
Y29sdW1iaWEuZWR1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvi7rQ7v2Mh63
jX6GHfmbTo17C4euxdnJnFbgTwc/mRgwPlqVRB66l2mWTvGnFwUebgFX4sANWnBP5Lw/wjeZ
AKsdVSbkPD78pIhh4VGE3du2U5YgSK6bQuwv9/NYFcJEvmvI0BTyTzvjpLWQ8wGKZRkWPzEA
lfHSLL11I7nKMe08E03aCwCWEbx7XxHGgnOpjuKYejXl0MPBq5cdyEQJU65BOXwRsox+keH6
pxU10UAIdf2xvovIULxOprnd5l3S9rezT9UMXfcFtPxf6Z1mNdiBT/5bnN8xMyD7wHvpyZbi
7khI9C2YD9ephcQY9afrvRz1nB0VV+qu/jENEVjr9QIDAQABozEwLzAfBgNVHREEGDAWgRRq
YWx0bWFuQGNvbHVtYmlhLmVkdTAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBAUAA4GBAFA1
Ls8YqvG2yPL6trMESudd0aYWafn3qcilOZsASOmheBnJqiE0CC7X0xtkl540nmPfXfm4znSt
QyRb1YfWjsvJodjWxJ6jJySGbYOfnhFOuAyFeW0HQ0aYvfR/bwNLEQEyKrrrft2B22vswK49
FZFaH9lSPk6AbrB3bUq2WKNIMIIDPzCCAqigAwIBAgIBDTANBgkqhkiG9w0BAQUFADCB0TEL
MAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3du
MRowGAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT
ZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIENB
MSswKQYJKoZIhvcNAQkBFhxwZXJzb25hbC1mcmVlbWFpbEB0aGF3dGUuY29tMB4XDTAzMDcx
NzAwMDAwMFoXDTEzMDcxNjIzNTk1OVowYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0
ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVl
bWFpbCBJc3N1aW5nIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEpjxVc1X7TrnK
mVoeaMB1BHCd3+n/ox7svc31W/Iadr1/DDph8r9RzgHU5VAKMNcCY1osiRVwjt3J8CuFWqo/
cVbLrzwLB+fxH5E2JCoTzyvV84J3PQO+K/67GD4Hv0CAAmTXp6a7n2XRxSpUhQ9IBH+nttE8
YQRAHmQZcmC3+wIDAQABo4GUMIGRMBIGA1UdEwEB/wQIMAYBAf8CAQAwQwYDVR0fBDwwOjA4
oDagNIYyaHR0cDovL2NybC50aGF3dGUuY29tL1RoYXd0ZVBlcnNvbmFsRnJlZW1haWxDQS5j
cmwwCwYDVR0PBAQDAgEGMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFQcml2YXRlTGFiZWwy
LTEzODANBgkqhkiG9w0BAQUFAAOBgQBIjNFQg+oLLswNo2asZw9/r6y+whehQ5aUnX9MIbj4
Nh+qLZ82L8D0HFAgk3A8/a3hYWLD2ToZfoSxmRsAxRoLgnSeJVCUYsfbJ3FXJY3dqZw5jowg
T2Vfldr394fWxghOrvbqNOUQGls1TXfjViF4gtwhGTXeJLHTHUb/XV9lTzGCAzswggM3AgEB
MGkwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0
ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBAgMOzaww
CQYFKw4DAhoFAKCCAacwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUx
DxcNMDYwMzAzMjI1MDM3WjAjBgkqhkiG9w0BCQQxFgQUiJqXrantwSGCTrmezjSAS5IipQAw
UgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcN
AwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgweAYJKwYBBAGCNxAEMWswaTBiMQswCQYD
VQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UE
AxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECAw7NrDB6BgsqhkiG9w0B
CRACCzFroGkwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQ
dHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENB
AgMOzawwDQYJKoZIhvcNAQEBBQAEggEAaWiIlKKRFDUI2IhkZ7Cl1o7Ova3icPjks2qq1T+a
sX5wOqh2G5AuyiOcHAGowUcUBSvVVZgGZV4JdddYwV/nDi2Aokk1C1FhiKYjgYCVBbqNjHZP
fxuxiX4USZ4r+0Hxxr9PqHzvxI/0Swh8x90rvOrDkOaMbi77e1pHOAQi//5GvoRRxldSaDP8
0HVjUrwTFekRu1ZPGbtn9mLl7kkZ3CEiLGptkuAvgbm0+Vfyn3GNpIoZyVlafY+neLFry1Dh
1l/2rBLmxoH4ouRSeQgExNEXPpSsot/2K0Cl72jly457evHaQDIFClZFwdJnNObJBZWmCCul
DVSch0/dX9y5bAAAAAAAAA==
--------------ms080401050308080600090500--